package com.springsecurity.controller;

import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class LoginController {

    @RequestMapping(value = {"/","login","index"})
    public String login(){
        return "login";
    }

    @RequestMapping("/doLogin")
    public String doLogin(){
        return "redirect:main";
    }

    @RequestMapping("main")
    public String main(){
        return "main";
    }


    @Secured("ROLE_admin")
    @RequestMapping("toAdmin")
    public String toAdmin(){
        return "admin";
    }

    @Secured("ROLE_hr")
    @RequestMapping("toHR")
    public String toHr(){
        return "hr";
    }

    @PreAuthorize("hasAnyRole('admin')")
    @RequestMapping("toAdminUpdate/{id}")
    public String toAdminUpdate(@PathVariable String id){
        System.out.println("admin---userId: "+ id);
        return "update";
    }

    @PostAuthorize("hasRole('hr')")
    @RequestMapping("toHrUpdate/{id}")
    public String toHrUpdate(@PathVariable String id){
        System.out.println("hr---userId: "+ id);
        return "update";
    }
}
